respds4

  
RESPOND TO THESE DISCUSSION POST BASED ON THE TOPIC “Access control is a security measure that ensures that all types of data are protected from unauthorized disclosure or modification. Access control approaches determine how users interact with data and other network resources.
 In an initial post:
Explain a scenario where you would apply one of the four access control measures. Why would you select one over the others?
Continue the discussion by evaluating how mandatory vacation can be used as a tool to detect fraud and help employees release their work stress.
Then, respond to your classmates. Did you agree with their opinion of the most important access control measure to use in their scenario? Why or why not?.” (TWO (2) PARAGRAPHS EACH WITH REFERENCES ON EACH OF THEM SEPARATELY, NOT TOGETHER)

Please view article here http://web.archive.org/web/20150110053317/http:/www.pmi.org/~/media/PDF/Knowledge%20Center/PM%20Network%20Requirements%20Article.aspx

1.dAvD dUfLA  
My first thought was of an ERP system. Separation of duties is a classic method to manage conflict of interest (Gregg, Nam, Northcutt, Pokladnik, n.d.). The scenario that comes to mind is related to sales staff and accounting staff assigned access with Role Based Access Control (RBAC). The process of defining roles is usually based on analyzing the fundamental goals and structure of an organization and is usually linked to the security policy (owasp.org, 2016). In an ERP, sales staff would be assigned roles to create orders for customers and take payment. This means sales staff would only have access to customer data and order data. Accounting staff would have access to payment processor data, credit card records from a company like Authorize.net, and access to the ERP accounting data. This would separate the duties between the person who accepts payment and a person who reviews and validates records matching orders. This would prevent sales staff from potentially giving away products to friends and family by having a review process for orders. Sales staff wouldn’t have the ability to access accounting modules to cover fraudulent activity.
RBAC is also very useful for seasonal staff and temp staff. The use of seasonal staff signifies and spike in business which indicates a need to rapidly scale up and scale down. RBAC allows administrators to quickly assign predefined roles to staff that may be hired and start employment all within a very short window. 

2.jFfY pIcD). Wk4
At work we have a program called backoffice were regular store employees, assistant managers and the store manager can access different functions on the POS to gain different information. When an employee is set up in the POS they are given an access level either access 1, which allows full access to functions in back office, access 2, which allows most functions to be accessed in backoffice, or access level 3, which has very VERY limited access and allows the user to access the most basic of functions in back office. I would consider this to be Role Based Access Control because you are given your access level based on your position in the store. Store Managers have level 1, Assistant Managers are level 2, and all other employees are level 3. This helps to ensure that the correct tasks can be accessed by the correct position and certain information is not seen or accessed by those not authorized to see it.
I am a strong believer that everyone should be allowed vacation time throughout somepoint in the year. I found it interesting that it could be used to detect fraud because managers can use the time that the employee has off to investigate and see if they are doing anything that could harm the company. It is also a way for employees to release their work stress because it gives them time away from work to be with thier familes and to relax

3.bReT gAtH).Discss
I work in many regulatory environments, and so we have multiple programs institute rule-based access control, in addition to the other three types.  The rule-based access control has been employed in certain evidence databases whereby staff have access to their group’s evidence (role-based), however, access to certain evidence within each group may only be allowed if you have certain rights (rule-based), e.g., are on an additional list.  In addition, managers from each group (role-based), have the ability to “invite” staff from other groups to view their protected material (a mixture of role- and rule-base access control).
To expand, we generally break up individuals by departments and sometimes by subgroups within the department.  In some instances we have created groups of “managers”.  This second group is normally created to assist with an approval process.  The grouping is generally role-based as described initially, however, the approval process described would most likely have characteristics of a roll- and rule-based configuration.

PLEASE READ THIS.IT IS VERY IMPORTANT
Allow your discussion posts to be detailed and capable of sharing knowledge, ideas and points.  You must discuss the topic using your own words first.  Using your own words indicate you understand the topic of discussions.  Secondly, you must cite your sources in-text.  This is necessary to justify your points. Sources from several sources showed good research abilities.  Lastly, you must provide references at the bottom of your post.  A discussion post without justification with sources does not show proper research abilities. A terse and not detailed discussions represent post that would not provide enough sharing of knowledge or proper understanding of the topic. DO NOT just copy and paste a sentence from online with citation at the end as your own discussion. I have not asked for definitions, I asked for discussions and will not buy this.  You must show understanding of the discussion topic by using your own words to describe the topic and then justify that with sources.

www.citationmachine.net to format references into the APA style if necessary. Extremely important. Intext citations is very essential and highly needed as well.

use double spacing, 12-point Times New Roman font, and one-inch margins. Sources should be cited according to APA citation method (citation should be relevant and current). Page-length requirements:2 PAPARAGRAPHS FOR EACH PROMPT ANSWER. Make sure you cite if you take a piece of someone’s work, very important and your reference should relate to your writing (don’t cite a reference because it relates to the course and not this very paper) at least 2 current and relevant academic references. No heavy paraphrasing of others work.